A year after his initial success with the California Consumer Protection Act (CCPA), Alastair Mactaggart is continuing to advance the privacy journey with a new California ballot initiative slated for the November 2020 election. The California Privacy Rights and Enforcement Act of 2020 seeks to continue the work started by CCPA by strengthening consumer protections and defining new requirements businesses need to follow.
Privacy legislation is an ongoing journey that is going through a period of great change. CCPA brought new requirements for organizations to track the types of data they were processing and the types of vendors they were sharing it with and provide that information to consumers via Subject Rights Requests. When CCPA was penned, however, we knew that clarifications and changes would follow.
This new initiative underscores the importance of the privacy issue and is a step toward building an infrastructure that can provide expert, detailed guidance.
The new requirements further the goal of putting control of personal data in the hands of the people to whom it belongs.
Since the early days, modern privacy legislation has been crafted to implement controls directed at achieving our core human values. Privacy is a fundamental right that resonates with all humans. “The right to left alone” as it has been described demonstrates that humans want to be in control and choose how they interact with the world. This concept was penned by Louis Brandeis, a member of the supreme court, when describing core privacy values and challenges in a Harvard law review article he authored in 1890.
Technical advancements have fueled the pursuit of these rights over the past 40 years. All business transactions are now completed with the aid of computers and produce digital information which has become increasingly more personal and sensitive. This information – although about people – is not controlled by the people to whom the data refers. Additionally, this information has become an entity unto itself and contains valuable details on how we live, eat and function.
In creating these and other new requirements surrounding the processing of personal information the ballot authors will be forcing organizations to further improve their data management capabilities.
Granular tracking of data collection procedures, opt-in management, analytic operations, and data retention will require more details about the data to be captured, stored and understood. Serving up the right data to complete a Subject Rights Request will be an exercise of understanding the status and make-up of any particular piece of data quickly and accurately.
Privacy management platforms will have to be flexible and scalable enough to support these new requirements. Comprehensive inventory and classification solutions that enable organizations to understand and track sensitive customer data will be key to meeting current and future privacy regulations.